/**
 * Upload a file that already exists on the local filesystem.
 *
 * Called from ImportZip class: the source path is the one stored in the
 * .elabftw.json file of the zip archive.
 *
 * @param string $file Local path of the file to import
 * @throws Exception if the file does not exist or is not readable
 */
public function uploadLocalFile($file)
{
    if (!is_readable($file)) {
        throw new Exception('No file here!');
    }

    // the original name is kept for the database, the file itself is stored
    // under the clean name produced by getCleanName() plus the original extension
    $originalName = basename($file);
    $extension = Tools::getExt($originalName);
    $storedName = $this->getCleanName() . '.' . $extension;
    $destination = ELAB_ROOT . 'uploads/' . $storedName;

    $this->moveFile($file, $destination);
    $this->dbInsert($originalName, $storedName, $this->getHash($destination));
}
} if ($count > 0) { echo "<div class='box'>"; echo "<img src='img/attached.png' class='bot5px'> <h3 style='display:inline'>" . ngettext('Attached file', 'Attached files', $count) . "</h3>"; echo "<div class='row'>"; while ($uploads_data = $req->fetch()) { echo "<div class='col-md-4 col-sm-6'>"; echo "<div class='thumbnail'>"; // show the delete button only in edit mode, not in view mode if ($_GET['mode'] === 'edit') { echo "<a class='align_right' href='app/delete_file.php?id=" . $uploads_data['id'] . "&type=" . $uploads_data['type'] . "&item_id=" . $uploads_data['item_id'] . "' onClick=\"return confirm('Delete this file ?');\">"; echo "<img src='img/small-trash.png' title='delete' alt='delete' /></a>"; } // end if it is in edit mode // get file extension $ext = filter_var(Tools::getExt($uploads_data['real_name']), FILTER_SANITIZE_STRING); $filepath = 'uploads/' . $uploads_data['long_name']; $thumbpath = $filepath . '_th.jpg'; // list of extensions with a corresponding img/thumb-*.png image $common_extensions = array('avi', 'csv', 'doc', 'docx', 'mov', 'pdf', 'ppt', 'rar', 'xls', 'xlsx', 'zip'); // Make thumbnail only if it isn't done already if (!file_exists($thumbpath)) { make_thumb($filepath, $ext, $thumbpath, 100); } // only display the thumbnail if the file is here if (file_exists($thumbpath) && preg_match('/(jpg|jpeg|png|gif)$/i', $ext)) { // we add rel='gallery' to the images for fancybox to display it as an album (possibility to go next/previous) echo "<a href='uploads/" . $uploads_data['long_name'] . "' class='fancybox' rel='gallery' "; if ($uploads_data['comment'] != 'Click to add a comment') { echo "title='" . $uploads_data['comment'] . "'"; }
/**
 * Tools::getExt() returns the extension of a file name or path,
 * or 'unknown' when the name has no extension.
 */
public function testGetExt()
{
    $cases = array(
        'myfile.gif' => 'gif',
        '/path/to/myfile.gif' => 'gif',
        '/path/to/myfilegif' => 'unknown',
    );
    foreach ($cases as $input => $expected) {
        $this->assertEquals($expected, \Elabftw\Elabftw\Tools::getExt($input));
    }
}
$sql = "DELETE FROM items WHERE id = :id"; $req = $pdo->prepare($sql); $result[] = $req->execute(array('id' => $id)); // delete associated tags $sql = "DELETE FROM items_tags WHERE item_id = :id"; $req = $pdo->prepare($sql); $result[] = $req->execute(array('id' => $id)); // delete associated files $sql = "SELECT real_name, long_name FROM uploads WHERE item_id = :id AND type = :type"; $req = $pdo->prepare($sql); $req->execute(array('id' => $id, 'type' => 'items')); while ($uploads = $req->fetch()) { $filepath = ELAB_ROOT . 'uploads/' . $uploads['long_name']; unlink($filepath); // remove thumbnail $ext = Tools::getExt($uploads['real_name']); if (file_exists(ELAB_ROOT . 'uploads/' . $uploads['long_name'] . '_th.' . $ext)) { unlink(ELAB_ROOT . 'uploads/' . $uploads['long_name'] . '_th.' . $ext); } } // now remove them from the database $sql = "DELETE FROM uploads WHERE item_id = :id AND type = :type"; $req = $pdo->prepare($sql); $result[] = $req->execute(array('id' => $id, 'type' => 'items')); // delete links of this item in experiments with this item linked // get all experiments with that item linked $sql = "SELECT id FROM experiments_links WHERE link_id = :link_id"; $req = $pdo->prepare($sql); $result[] = $req->execute(array('link_id' => $id)); while ($links = $req->fetch()) { $delete_sql = "DELETE FROM experiments_links WHERE id = :links_id";
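/**
 * Import a file attached to an item of the archive.
 *
 * The file is moved from the extraction directory to the uploads folder
 * under a random long name (the original extension is kept), its md5 sum
 * is computed and a row referencing it is inserted in the uploads table.
 *
 * @param string $file The path of the file in the archive, relative to the
 *                     extraction directory ($this->tmpPath)
 * @throws Exception if the path resolves outside the extraction directory,
 *                   if the file cannot be moved or if the SQL request failed
 */
private function importFile($file)
{
    // the path is read from the archive, i.e. from user-supplied data:
    // resolve it and refuse anything that escapes the extraction directory
    $tmpDir = realpath($this->tmpPath);
    $sourcePath = realpath($this->tmpPath . '/' . $file);
    if ($tmpDir === false
        || $sourcePath === false
        || strpos($sourcePath, $tmpDir . DIRECTORY_SEPARATOR) !== 0) {
        throw new Exception('Invalid file path in archive!');
    }

    // build the random long name. uniqid()/rand() are predictable, and the
    // long name is what appears in links to the uploads folder, so prefer
    // random_bytes() where available (PHP >= 7). Both forms give 128 hex chars.
    $randomPart = function_exists('random_bytes')
        ? bin2hex(random_bytes(64))
        : hash('sha512', uniqid(rand(), true));
    $longName = $randomPart . '.' . \Elabftw\Elabftw\Tools::getExt($file);
    $newPath = ELAB_ROOT . 'uploads/' . $longName;

    // move the file to the uploads folder
    if (!rename($sourcePath, $newPath)) {
        throw new Exception('Cannot rename file!');
    }

    // make md5sum (stored in the md5 column of the uploads table)
    $md5 = hash_file('md5', $newPath);

    // now insert it in sql. bindValue() is used throughout: bindParam() takes
    // a reference and emits a notice when given an expression like basename($file)
    $sql = "INSERT INTO uploads(
        real_name,
        long_name,
        comment,
        item_id,
        userid,
        type,
        md5
    ) VALUES(
        :real_name,
        :long_name,
        :comment,
        :item_id,
        :userid,
        :type,
        :md5
    )";
    $req = $this->pdo->prepare($sql);
    $req->bindValue(':real_name', basename($file));
    $req->bindValue(':long_name', $longName);
    $req->bindValue(':comment', 'Click to add a comment');
    $req->bindValue(':item_id', $this->newItemId);
    $req->bindValue(':userid', $_SESSION['userid']);
    $req->bindValue(':type', $this->category);
    $req->bindValue(':md5', $md5);
    if (!$req->execute()) {
        throw new Exception('Cannot import in database!');
    }
}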
if ($type === 'experiments') { // we check that the user owns the experiment before adding things to it if (!is_owned_by_user($item_id, 'experiments', $_SESSION['userid'])) { die('Not your experiment'); } } // check we actually have files if (count($_FILES) === 0) { die('No files received'); } // UPLOAD A FILE TO AN EXPERIMENT OR DB ITEM if ($type === 'experiments' || $type == 'items') { // Create a clean filename : remplace all non letters/numbers by '.' (this way we don't lose the file extension) $realname = preg_replace('/[^A-Za-z0-9]/', '.', $_FILES['file']['name']); // get extension $ext = \Elabftw\Elabftw\Tools::getExt($realname); // Create a unique long filename + extension $longname = hash("sha512", uniqid(rand(), true)) . "." . $ext; // Try to move the file to its final place if (rename($_FILES['file']['tmp_name'], ELAB_ROOT . 'uploads/' . $longname)) { // generate a md5sum of the file if it's not too big if ($_FILES['file']['size'] < 5000000) { $md5 = hash_file('md5', ELAB_ROOT . 'uploads/' . $longname); } else { $md5 = null; } // SQL TO PUT FILE IN UPLOADS TABLE $sql = "INSERT INTO uploads(\n real_name,\n long_name,\n comment,\n item_id,\n userid,\n type,\n md5\n ) VALUES(\n :real_name,\n :long_name,\n :comment,\n :item_id,\n :userid,\n :type,\n :md5\n )"; $req = $pdo->prepare($sql); $req->execute(array('real_name' => $realname, 'long_name' => $longname, 'comment' => 'Click to add a comment', 'item_id' => $item_id, 'userid' => $_SESSION['userid'], 'type' => $type, 'md5' => $md5)); } else {
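/**
 * Reference the attached files (if any) in the pdf.
 *
 * Appends to $this->content a section listing every file attached to the
 * item: its real name, its comment (unless it is the default text), the
 * stored hash with its algorithm when there is one, and the image itself
 * for image files present on disk.
 */
private function addAttachedFiles()
{
    // SQL to get attached files
    $sql = "SELECT * FROM uploads WHERE item_id = :id AND type = :type";
    $req = $this->pdo->prepare($sql);
    $req->bindParam(':id', $this->id);
    $req->bindParam(':type', $this->type);
    $req->execute();

    // fetch every row first: PDOStatement::rowCount() is not guaranteed to
    // give the number of rows of a SELECT, so the fetched rows drive the loop
    $uploads = $req->fetchAll();
    $count = count($uploads);

    // do we have files attached ?
    if ($count === 0) {
        return;
    }

    $this->content .= "<section class='no_break'>";
    if ($count === 1) {
        $this->content .= "<h3>Attached file :</h3>";
    } else {
        $this->content .= "<h3>Attached files :</h3>";
    }
    $this->content .= "<ul>";

    foreach ($uploads as $upload) {
        // everything below is HTML the pdf is rendered from: text that came
        // from the uploader is escaped for that context
        $this->content .= "<li>" . htmlspecialchars($upload['real_name'], ENT_QUOTES, 'UTF-8');

        // add a comment ? don't add if it's the default text
        if ($upload['comment'] != 'Click to add a comment') {
            // the stored comment is unslashed and entity-decoded as before, then
            // escaped again so that markup inside the comment is shown, not interpreted.
            // NOTE(review): if comments are meant to carry markup, this needs an allow-list instead
            $comment = stripslashes(htmlspecialchars_decode($upload['comment']));
            $this->content .= " (" . htmlspecialchars($comment, ENT_QUOTES, 'UTF-8') . ")";
        }

        // add hash ? don't add if we don't have it.
        // hashes are hex strings: md5 is 32 characters, sha2 hashes are longer.
        // The cast keeps strlen() happy when no hash was stored (NULL).
        $hash = (string) $upload['hash'];
        if (strlen($hash) >= 32) {
            $this->content .= "<br>" . $upload['hash_algorithm'] . " : " . $hash;
        }

        // if this is an image file, add the thumbnail picture.
        // The extension is only matched against the list below, never output,
        // so the former FILTER_SANITIZE_STRING pass (deprecated) is not needed.
        $ext = Tools::getExt($upload['real_name']);
        $filepath = 'uploads/' . $upload['long_name'];
        if (file_exists($filepath) && preg_match('/(jpg|jpeg|png|gif)$/i', $ext)) {
            $this->content .= "<br /><img class='attached_image' src='"
                . htmlspecialchars($filepath, ENT_QUOTES, 'UTF-8')
                . "' alt='attached image' />";
        }
        $this->content .= "</li>";
    }
    $this->content .= "</ul></section>";
}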
$sql = "SELECT userid, real_name, long_name, item_id FROM uploads WHERE id = :id"; $req = $pdo->prepare($sql); $req->bindParam(':id', $id, PDO::PARAM_INT); $req->execute(); $data = $req->fetch(); if ($data['userid'] == $_SESSION['userid']) { // Good to go -> delete file from SQL table $sql = "DELETE FROM uploads WHERE id = :id"; $reqdel = $pdo->prepare($sql); $reqdel->bindParam(':id', $id, PDO::PARAM_INT); $reqdel->execute(); // now delete it from filesystem $filepath = ELAB_ROOT . 'uploads/' . $data['long_name']; unlink($filepath); // remove thumbnail $ext = Tools::getExt($data['real_name']); if (file_exists(ELAB_ROOT . 'uploads/' . $data['long_name'] . '_th.' . $ext)) { unlink(ELAB_ROOT . 'uploads/' . $data['long_name'] . '_th.' . $ext); } // Redirect to the viewXP $msg_arr = array(); $msg_arr[] = sprintf(_('File %s deleted successfully.'), $data['real_name']); $_SESSION['infos'] = $msg_arr; header("location: ../experiments.php?mode=edit&id=" . $data['item_id']); } else { die; } // DATABASE ITEM } elseif ($_GET['type'] === 'items') { // Get realname $sql = "SELECT real_name, long_name, item_id FROM uploads WHERE id = :id AND type = 'items'";